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ABSTRACT 

Computer  security  is  one  of  the  most  important  parameters  considered  in  any  computer  system  to  prevent  any  data 
misuse  by  an  unauthorized/  outside  intrusion.  Cryptography  is  one  technique  for  data/  computer  security.  In  this  paper, 
we  have  proposed  a  technique  for  a  more  secure  data  transfer  which  is  a  alteration  to  the  classical  public  key  crytogarphy 
method  known  as  Unique  Information  Based  Secure  RSA.  This  method  is  based  on  public  key  cryptography  scheme. 
In  Unique  Information  Based  Secure  (UI  SECURE)  RSA  public  key  of  a  user  is  derived  from  his/her  unique  identity  such 
as  email  id,  phone  number.  With  the  use  of  UI  SECURE  RSA,  there  is  no  need  of  public  key  certificates.  It  has  a  special 
entity  called  SEM.  SEM  is  an  on-line  partially  trusted  server.  For  using  services  of  SEM,  a  user  needs  to  obtain  an  identity 
based  token  from  SEM.  A  message  cannot  be  encrypted  or  decrypted  without  this  token.  UI  SECURE  RSA  divides  the 
private  key  of  the  user  in  two  parts:  one  part  is  given  to  the  user  and  the  other  to  the  SEM.  Both  parts  of  the  key  are  used  to 
encrypt/decrypt  the  message.  This  technique  is  very  secure  as  the  key  cannot  be  derived  using  half  key. 

KEYWORDS:  Cryptography,  Public  Key,  Private  Key,  Encryption,  Decryption 

INTRODUCTION 

In  today's  world,  almost  every  sector  including  banking,  entertainment,  education  etc  are  online 
i.e.  the  customer/  user  can  access  them  through  internet  from  anywhere  according  to  their  comfort.  This  is  a  great 
advantage  of  internet,  but  this  advantage  comes  along  with  a  drawbacks.  As  the  data  is  available  on  the  web  so  there  are 
considerable  chances  of  data  loss,  leakage  of  confidential  data,  misuse/  intrusion  or  alteration  in  the  data.  So,  to  overcome 
these  drawbacks,  it  is  important  to  protect  our  data  by  using  proper  data  security  schemes.  Security  services  include 
authentication,  access  control,  data  confidentiality,  data  integrity,  nonrepudiation,  and  availability.[l] 

The  NIST  Computer  Handbook  [NIST95]  defines  the  computer  security  as  "The  protection  afforded  to  an 
automated  information  system  in  order  to  attain  the  applicable  objectives  of  preserving  the  integrity,  availability, 
and  confidentiality  of  information  system  resources  (includes  hardware,  software,  firmware,  information/data, 
and  telecommunications)". 

The  key  principles  of  security  can  be  summarized  as: 

•  Confidentiality:  Confidentiality  is  the  principle  that  is  based  on  maintaining  the  secrecy  of  data  between  the 
identified  set  of  users,  i.e.  the  intended  sender  and  receiver.  No  other  entity,  i.e.  an  unauthorized  entity  or  intruder, 
should  be  able  to  access  the  data. 

•  Authentication:  Authentication  is  the  principle  that  is  based  on  identifying  the  authenticity  of  the  entity  which  is 
interested  in  accessing  the  data. 
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•  Integrity:  Integrity  is  the  principle  that  is  based  on  ensuring  that  the  data  received  by  the  receiver  is  exactly  the 
same  as  sent  by  the  sender.  If  the  data  is  modified  during  the  transit,  integrity  is  violated  or  lost. 

•  Non-Repudiation:  Non-repudiation  principle  is  based  on  implying  technologies  such  that  the  set  of  users, 
i.e.  the  sender  and  the  receiver,  cannot  deny  the  transaction  of  data.  The  sender  entity  cannot  refuse  that  it  has  sent 
the  data  as  well  as  the  receiver  cannot  deny  the  reception  of  data. 

•  Access  Control:  Access  control  principle  is  based  on  determining  the  restriction  in  data  access  by  the  receiver. 
If  there  are  a  number  of  receivers  who  can  access  the  data,  then  the  receiver  control  on  the  data  can  be  controlled 
and  different  receivers  can  be  provided  with  different  controls  on  data. 

•  Availability:  The  principle  of  availability  ensures  that  the  data  is  available  whenever  it  is  needed. 
A  high  availability  system  is  required  to  maintain  a  continuous  data  availability.  It  is  quite  obvious  that  to 
maintain  data  availability,  a  check  on  security  attack  is  a  key  element. 

SECURITY  ATTACK 

Security  attack  can  be  defined  as  an  intruder  attack  on  the  system  with  the  intention  of  destroying,  exposing, 
altering,  stealing  or  gaining  of  unauthorized  access  to  an  asset.  In  the  worst  case,  security  attack  can  lead  to  a  condition 
where  the  organization's  network  devices  or  even  the  entire  network  is  owned  by  the  intruder  or  the  attacker. 
Attacks  can  be  broadly  classified  as: 

•  Passive  Attack:  Passive  attack  can  be  defined  as  a  silent  attack,  where  the  intruder  does  not  attempt  to 
breakthrough  or  modify  the  original  system.  Instead,  he  keeps  an  eye  on  all  the  communication  between  the 
authorized  parties.  In  passive  attacks,  the  sender  and  the  receiver  are  not  even  aware  that  their  confidential  data  is 
exposed  to  a  third  person.  This  way  the  intruder  can  easily  misuse  the  data  without  even  being  in  knowledge  of 
the  data  owner. 

•  Active  Attack:  In  contrast  to  passive  attacks,  in  active  attacks  the  original  message  or  data  is  modified. 
The  intruder  tries  to  breakthrough  the  original  data  or  message.  Active  attacks  can  affect  the  availability,  integrity, 
confidentiality  and  authenticity  of  the  system.  [2] 

CRYPTOGRAPHY 

Expose,  alter,  disable,  steal  or  gain  unauthorized  access  to  or  make  unauthorized  use  of  an  asset.  Attacks  are  of 
two  types- 

•  Passive  Attack 

•  Active  Attack 

Passive  Attacks:  Passive  attacks  do  not  involve  any  modification  to  the  contents  of  the  original  message. 
The  main  aim  is  to  monitor  data  transmission. 

Active  Attacks:  In  active  attacks,  the  contents  of  the  original  message  are  modified  in  some  way. 
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Cryptography 

It  is  the  art  and  science  of  achieving  security  by  encoding  messages  to  make  them  non-readable. 
Symmetric  Encryption 

It  is  also  known  as  conventional,  secret-key,  single-key 

•  Sender  and  recipient  share  a  common  key 

•  Was  the  only  type  of  cryptography,  prior  to  invention  of  public -key  in  1970's  [1] 
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Figure  1:  Symmetric  Key  Encryption 


Public-Key  Cryptography 


Also  known  as  asymmetric  cryptography,  refers  to  a  cryptographic  algorithm  which  requires  two  separate  keys, 
one  of  which  is  secret  (or  private)  and  one  of  which  is  public.  Although  different,  the  two  parts  of  this  key  pair  are 
mathematically  linked.  The  public  key  is  used  to  encrypt  plaintext  or  to  verify  a  digital  signature;  whereas  the  private  key 
is  used  to  decrypt  ciphertext  or  to  create  a  digital  signature.  The  term  "asymmetric"  stems  from  the  use  of  different  keys  to 
perform  these  opposite  functions,  each  the  inverse  of  the  other  -  as  contrasted  with  conventional  ("symmetric") 
cryptography  which  relies  on  the  same  key  to  perform  both  [1]. 
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Figure  2:  Public  Key  Cryptography 


RSA  Algorithm 


RSA  was  developed  by  Ron  Rivest,  Adi  Shamir,  and  Leonard  Adleman  in  1977.  RSA  is  an  algorithm  used  by 
modern  computers  to  encrypt  and  decrypt  messages.  It  is  an  asymmetric  cryptographic  algorithm  [10]. 

RSA  involves  a  public  key  and  private  key.  The  public  key  can  be  known  to  everyone,  it  is  used  to  encrypt 
messages.  Messages  encrypted  using  the  public  key  can  only  be  decrypted  with  the  private  key.  The  keys  for  the 
RSA  algorithm  are  generated  the  following  way: 

•  Choose  two  different  large  random  prime  numbers  p  and  q 

•  Calculate  n=pq 
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•  Calculate  the  totient:  (])(n)  =  (p-1)  (q-1). 

•  Choose  an  integer  e  such  that  1  <  e  <  (f)(n),  and  e  is  coprime  to  (f)(n)  ie:  e  and  (f)(n)  share  no  factors  other  than  1 ; 
gcd  (e,  <|)(n)  =  l. 

o    e  is  released  as  the  public  key  exponent 

•  Compute  d  such  that  de  mod  (f)(n)=l. 

o    d  is  kept  as  the  private  key  exponent 

Suppose,  there  are  two  users  Alice  and  Bob,  who  wish  to  communicate  with  each  other  in  a  secure  manner. 
The  methods  for  encrypting  and  decrypting  the  messages  using  RSA  algorithm  are  explained  below- 
Encrypting  Messages 

Alice  gives  her  public  key  (n  &  e)  to  Bob  and  keeps  her  private  key  secret.  Bob  wants  to  send  message 
M  to  Alice. 

First  he  encrypts  the  message  m- 

C=  me  mod  n 

Bob  then  sends  c  to  Alice  [7]. 
Decrypting  Messages 

Alice  can  recover  m  from  c  by  using  her  private  key  d  in  the  following  procedure  [7]: 

m=cd  mod  n 
Problem  Statement 

Using  secret  key  and  an  encryption  algorithm,  the  sender  encrypts  the  message.  The  receiver  using  the  same  secret 
key  and  the  corresponding  decryption  algorithm  decrypts  the  message.  However,  the  Public  Key  Cryptography  (PKC) 
Scheme  introduced  by  Diffie  and  Hellman  (1976)  gave  the  concept  that  the  sender  and  receiver  need  not  use  the  same 
secret  key  for  encryption  and  decryption.  In  fact,  the  sender  uses  a  key  called  public  key  to  encrypt  and  the  receiver  uses  a 
different  key  called  private  key,  for  decryption.  This  concept  revolutionized  the  cryptography  research. 
This  also  introduced  the  concept  of  Digital  Signature  (Rivest  et  al.,  1978).  Though  there  are  number  of  algorithms 
available  to  implement  the  PKC,  the  main  problem  lies  in  the  distribution  of  the  Public  key.  This  is  done  by  a  Certification 
Authority  (CA),  which  distributes  the  Public  Key  of  a  user  in  the  form  of  a  signed  certificate.  This  leads  to  the  issues  of 
certificate  management  like  revocation,  distribution,  storage  and  verification. 

Unique  Information  Based  Public  Key  Encryption  is  a  solution  to  these  problems. 

UI  Secure  RSA 

This  is  a  scheme,  in  which,  an  entity's  public  key  is  derived  directly  from  certain  aspects  of  its  identity, 
for  example,  an  IP  address  belonging  to  a  network  host,  or  an  e-mail  address  associated  with  a  user. 
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In  this  scheme,  a  simple  identity  based  cryptosystem  developed  atop  some  Mediated  RSA  (mRSA) 
(Boneh  et  ai,  2002)  has  been  proposed. 


Algorithm  for  hev  generation- 

Let  w  (  ev  en)  be  the  security  parameter 

1 .)    Generate  random  w/2  it  primes  x 

and  y 

Such  that  p  =  2x  +  1,  an 
q  =  2y+l  are 

2.)  n=pq 

d 

also  prime 

3.)  cpCn^Cp-lXq-l) 

4.)    For  each  user  'A' 

a.)  eA=ff(lDj<0 

b.)   d-A=  1/e^  mod  tp(n) 

c.)  dAii=Zri 

d.)   ^asem  =  (d-dAjj)mo 

Algorithm  for  key  generation  is  described  above.  Certificate  Authority  (CA),  chooses  two  large  prime  numbers 
x  and  y  randomly  such  that  p  =  2x  +  1  and  q  =  2y+l  are  also  primes.  Then  n  =  pq  and  (p(n)  =  (p-l)(q-l)  are  computed. 
The  public  key  of  user  A  is  generated  by  as  the  output  of  ff(IDA).  ff  must  be  set  beforehand.  It  is  an  efficient  mapping  hash 
function.  The  function  must  be  a  one  to  one  mapping  from  identity  strings  to  public  keys.  Zn  is  a  randomly  chosen 
odd  number  relatively  prime  to  (p(n). 

Algorithm  for  encryption 

1.  )   n,  k  and  f fare  retrieve  dfrom  the  domain 

certificate. 

2.  )  e=fftlD^) 

3.  )   Encrypt  the  input  message  m  with  (e,n) 

using  standard  RSA. 

The  algorithm  for  encrypting  a  message  m  is  given  above.  For  encrypting  a  message  m,  a  used  only  needs 
receiver's  unique  information  such  as  email  id,  phone  number  and  the  domain  certificate.  After  this  the  message  encrypted 
using  RSA  algorithm  as  described  above.  The  decryption  is  also  same  as  encryption  and  the  decryption  algorithm  is 
given  below- 


DecrvDtion  algorithm 

1.)  USER 

m  —  Encrypte  dMessage 

2/)    m'  is  s 

end  to  SEM 

3.)     In  parallel: 

(i.,  SEM: 

(a)  HDsenl« —  m*  d£tnl  modn 

(V)      Send  HD„  to  USER 

rn  USER: 

C=9  HDu^m'^mocln 

4.)  USER: 

M^(Hn,„  *  HE\j)  modn 

J.)  USER: 

m« —  RSA  decoding  ofM 

Impact  Factor(JCC):  1.5548  -  This  article  can  be  downloaded  from  www.impactjournals.us 


148 


Neha  Gupta,  Ravi  Kumar  Gupta  &  Shipra  Gupta 


Mapping  Function  FF 

MD-5  or  SHA-1,  any  of  the  hash  functions  can  be  safely  used  as  mapping  function  ff.  MD-5  and  SHA-1  both  are 
cryptographic  hash  functions.  MD-5  produces  a  128  bit  hash  value  and  SHA-1  produces  a  160  bit  hash  value  [9]. 

Table  1:  Comparison  of  MD-5  and  SHA-1 


MD5 

SHA-1 

•     Message  digest  is  128  bits  in  length. 

•     Message  digest  is  160  bits  in  length. 

•     It  requires  2 128  attacks  to  compute 
the  original  message. 

•     It  requires  2 160  attacks  to  compute 
the  original  message. 

•     Attack  to  try  and  find  two  message 
producing  the  same  message  digest 
requires  264  operations. 

•     Attack  to  try  and  find  two  message 
producing  the  same  message  digest 
requires  280  Operations 

•     It  is  faster  with  64  iterations  and  128 
bit  buffer. 

•     It  is  slower  as  compared  to  MD5 
with  80  iterations  and  160  bit  buffer. 

Properties  of  Hash  Functions 

•  It  is  easy  to  compute  the  hash  value  of  any  given  message. 

•  It  is  infeasible  to  generate  a  message  that  has  a  given  hash. 

•  It  is  infeasible  to  modify  a  message  without  changing  the  hash. 

•  It  is  infeasible  to  find  two  different  messages  with  the  same  hash. 
Performance  Comparison 

Performance  comparison  of  different  encryption  keys  are  given  below- 
Table  2 


Keys 

RSA 
Mod  lkb 

RSA 
Mod  2kb 

RSA 
Mod  3kb 

128  bit  key 

6  ms 

19  ms 

53  ms 

160  bit  key 

7  ms 

24  ms 

72  ms 

Figure  3 
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MD-5  hash  function  produces  a  key  of  128  bits  and  SHA-1  produces  a  key  of  160  bits.  Described  above  is  a 
performance  comparison  of  the  algorithm  using  both  when  128  bit  key  (MD-5)  is  used  and  when  160  bit  key  is  used 
(SHA-1).  Since,  MD-5  produces  a  128  bit  key,  its  execution  time  is  faster  than  compared  to  SHA-1  but  SHA-1  is 
more  secure. 

CONCLUSIONS 

Unique  Information  Based  Secure  RSA  can  be  implemented  easily  because  in  the  present  scenario  RSA  is  widely 
accepted  and  implemented  cryptographic  algorithm.  It  provides  high  security  to  the  clients  and  can  be  used  to  transmit 
confidential  data  from  one  end  to  another  with  proper  authentication.  It  provides  better  performance.  Less  than  1ms  time  is 
required  for  private  key  generation.  Time  taken  by  the  algorithm  to  encrypt  the  data  is  around  7ms  and  decryption  time 
reaches  approximately  35ms.  SEM,  the  third  party,  used  is  a  fully  trusted  third  party,  since  its  collision  with  any  other  can 
result  in  compromise  of  all  other  user's  secret  key  due  to  shared  RSA  modulus. 

FUTURE  WORK 

Here,  hash  function  is  used  for  public  key  mapping,  which  makes  this  algorithm  expensive  to  implement  than 
RSA  since  the  public  exponent  is  random.  We  need  to  search  upon  alternate  mapping  functions  that  can  produce 
more  efficient  RSA  components. 
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